Bamboozled November 27, 2018: Lawmaker’s Uber account was hacked. Now she wants to protect consumers

If you were to see Assemblywoman Amy Handlin’s Uber account from August, you’d think she was a very well-traveled woman.

In one day, her account was charged for rides in New York City, Chicago, Los Angeles, Las Vegas and even Hawaii.

The rest of the month was just as active, according to her account history.

“It showed an average of 5.5 trips per day, had me crossing the country 56 times and even had me going from Boston to Philadelphia to Cleveland to Los Angeles to Chicago all in one day,” Handlin said. “This raised no red flags to Uber.”

A hacked account

Her account was hacked. What’s worse, Handlin said, she realized Uber doesn’t offer much in terms of consumer protection or communication should something go wrong.

We want to say upfront that Handlin didn’t reach out to us for help with her Uber account. After a long and frustrating ordeal, she was able to get it taken care of – as a consumer, not as a legislator.

But now that her experience is over, she wants to use her position to see if she can get Uber to do more to protect consumers.

“It is horrifying that this problem took over a month to solve and even now, I cannot get in touch with Uber to discuss this serious matter,” she said.

Here’s what happened to Handlin and what she plans to do about it.

Tracking the rides

On Aug. 9, Handlin wanted to take an Uber, but she had trouble logging into her account.

She contacted Uber through the app and the issue was corrected, she said.

The next day, she couldn’t access her account again.

“I contacted Uber through the app where I was told the phone number and email I provided wasn’t associated with the account,” Handlin said. “This is the only email and phone number I have ever used with Uber and therefore, I realized I had been hacked.”

Over the next few weeks, she said, she tried to contact Uber through the app and through email to reach a human being.

She was unsuccessful.

Her many emails received the same canned responses, saying the email address she was using was not associated with the account.

Handlin said she had never used a different email, but telling that to Uber went nowhere. Requests for further assistance yielded more canned responses, most of which didn’t make much sense, she said.

“It was computer-generated gobbledegook,” she said.

While she was trying to complain, the unauthorized rides kept coming.

More than 100 trips had been taken across the country and charged to her account. Some charges were for as little as $5, but others cost hundreds of dollars. The most costly was $361.

In all, the scammers racked up more than $3,000 in charges.

And although she had reported the account had been hacked, not once did Uber notify her that the charges continued, she said.

Handlin finally found relief when she disputed the charges with her credit card. The Uber rides were taken off her bill, but she had to cancel her credit card to make sure it wasn’t further compromised.

“Uber, as a public company, requires the public’s trust in its product. Their lack of responsiveness is unacceptable and the protocols are not in place at Uber to keep the customers safe,” Handlin said.

Trying to help consumers

Handlin said Uber has a responsibility to protect consumers and offer more help than she received when her account was hacked.

“My credit card company sends me a phone call, email or text if I use my card outside of the ordinary. Why can’t Uber?” she said.

She decided it was time to step out of her role as a typical consumer and step into her role as a lawmaker.

She wanted some real answers from the company, she said.

It took more than two months to get those answers, but they weren’t enough for Handlin.

Apologies but nothing specific

On Aug. 28, Handlin reached out to an Uber lobbyist in Trenton. The lobbyist arranged for a call with an Uber executive.

The call happened on Sept. 4.

“The Uber executive apologized but offered nothing specific, nothing concrete, just a lot of assurances about how things were going to get better,” Handlin said.

The executive offered to put her in touch with others at the company who could be more specific.

She waited. And followed up. And waited some more. And followed up again.

Uber executives speak

Handlin finally had a conference call with several Uber executives on Nov. 7.

This call wasn’t much more satisfying, she said.

Handlin said the executives explained that Uber was working behind the scenes and at great expense to combat fraud.

“The point I brought up many times: It’s clear that other companies that operate globally with very, very complex transactional challenges, but they somehow manage to implement systems which alert customers to suspected fraud and work with customers to resolve issues,” she said. “Clearly the technology is out there.”

Handlin said she told the company that while it can focus on fraud prevention in the back office, “that doesn’t mean it’s okay to lose sight of the customer-facing side of the company.”

“For all intents and purposes, there is none, and to me it is absolutely unacceptable that it is impossible to reach a human being,” she said.

Handlin said she told the executives she is considering “various potential legislative responses” to better protect consumers, so consumers can be notified of suspicious activity on their accounts.

“State governments can’t legislate what a company does internally, but what we can do is consider the question of whether a company is trustworthy enough to be a partner with us, for example, at places like Newark Airport and N.J. Transit facilities,” Handlin said.

The executives apologized for her experience, she said, noting they were willing to continue to discuss the issue or even come to a public forum, should Handlin schedule one.

What ride-share companies say

We reached out to Uber to learn more about what a customer can do if the app and emailed customer service help attempts fail.

While we waited for a response, we contacted Lyft to see about its policies.

A Lyft spokeswoman said the company has a “Critical Response Line” for consumers.

Customers can find it in the app at the bottom of the help pages. It can also be found on the website here.

But you don’t get a number to call. Instead, you enter your phone number and a Lyft representative is supposed to call you back.

What Uber offers

Uber’s system seems to work differently.

Uber is in trials to offer phone support for riders in certain markets through a new rewards program, said Uber spokeswoman Melanie Ensign.

We reviewed the rewards program, which is available in New Jersey and is free. The problem? Customers earn one point for every dollar spent, and they have to spend $7,500 in a six-month period before they’re eligible for the top level, which is the one that offers the phone support.

Handlin says that’s not enough.

“Adequate, accessible customer support – especially, though not exclusively, for victims of fraud – should be a basic responsibility of the company, not a ‘reward’ that users are expected to ‘earn,’” Handlin said.

We took that criticism to Uber, which said it is testing the phone support – with the rewards program – and “it’s not uncommon now for customers to speak with a support agent over the phone after initially reporting an issue through the mobile app or website.”

To combat suspicious logins, Ensign said, Uber’s standard practice is to refund riders for unauthorized trips so they’re not responsible for those costs even if they’re not flagged by Uber’s system.

Ensign also said Handlin’s case was “mishandled.”

“Fraud-related issues are supposed to be escalated to a dedicated team of experts for investigation, which would have led to a faster resolution,” she said.

Uber’s fraud detection system

Ensign said Uber’s fraud detection system uses machine learning, so it can get smarter with every case, so “what we learned from this case helps prevent it from happening again because we can train the system to look for it.”

Also, she said, Uber offers a new two-step verification feature that will flag “all new logins for you, regardless of whether our system flags it as suspicious or not — so you have an additional level of protection no matter what.”

She said while this is standard for most large tech companies, Uber is the first U.S. ride-sharing company to offer it.

Are changes coming?

We asked if Uber is considering any kind of notification system for users whose accounts show unusual or suspicious activity.

Uber already does this, Ensign said, when someone logs in from a new device, if a password is changed or if changes are made to contact information.